[libmicrohttpd] 03/03: response: do not allow "Connection: keep-alive" h

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libmicrohttpd] 03/03: response: do not allow "Connection: keep-alive" h

From:	gnunet
Subject:	[libmicrohttpd] 03/03: response: do not allow "Connection: keep-alive" header
Date:	Sun, 01 Aug 2021 12:28:06 +0200

This is an automated email from the git hooks/post-receive script.

karlson2k pushed a commit to branch master
in repository libmicrohttpd.

commit db2ab3a5aee00d9716523eb9b478b29dcb332f9a
Author: Evgeny Grin (Karlson2k) <k2k@narod.ru>
AuthorDate: Sun Aug 1 13:24:32 2021 +0300

    response: do not allow "Connection: keep-alive" header
---
 src/microhttpd/response.c              |  12 ++-
 src/microhttpd/test_response_entries.c | 163 +++++++++++++++++++++++++++++++++
 2 files changed, 174 insertions(+), 1 deletion(-)

diff --git a/src/microhttpd/response.c b/src/microhttpd/response.c
index ec09d14a..3833990c 100644
--- a/src/microhttpd/response.c
+++ b/src/microhttpd/response.c
@@ -251,6 +251,8 @@ add_response_header_connection (struct MHD_Response 
*response,
     old_value_len = 0;
 
   value_len = strlen (value);
+  if (value_len >= SSIZE_MAX)
+    return MHD_NO;
   /* Additional space for normalisation and zero-termination*/
   norm_len = (ssize_t) (value_len + value_len / 2 + 1);
   buf_size = old_value_len + (size_t) norm_len;
@@ -258,7 +260,7 @@ add_response_header_connection (struct MHD_Response 
*response,
   buf = malloc (buf_size);
   if (NULL == buf)
     return MHD_NO;
-  /* Move "close" token (if any) to the front */
+  /* Remove "close" token (if any), it will be moved to the front */
   value_has_close = MHD_str_remove_token_caseless_ (value, value_len, "close",
                                                     MHD_STATICSTR_LEN_ ( \
                                                       "close"),
@@ -267,6 +269,14 @@ add_response_header_connection (struct MHD_Response 
*response,
   mhd_assert (0 <= norm_len);
   if (0 > norm_len)
     norm_len = 0; /* Must never happen */
+  if (0 != norm_len)
+  {
+    size_t len = norm_len;
+    MHD_str_remove_tokens_caseless_ (buf + old_value_len, &len,
+                                     "keep-alive",
+                                     MHD_STATICSTR_LEN_ ("keep-alive"));
+    norm_len = (ssize_t) len;
+  }
   if (0 == norm_len)
   { /* New value is empty after normalisation */
     if (! value_has_close)
diff --git a/src/microhttpd/test_response_entries.c 
b/src/microhttpd/test_response_entries.c
index 5a21b025..c4bf293d 100644
--- a/src/microhttpd/test_response_entries.c
+++ b/src/microhttpd/test_response_entries.c
@@ -612,6 +612,169 @@ main (int argc,
     return 3;
   }
 
+  if (MHD_NO != MHD_add_response_header (r, "Connection", "keep-Alive"))
+  {
+    fprintf (stderr,
+             "Successfully added \"Connection\" header with 
\"keep-Alive\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"), NULL))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_add_response_header (r, "Connection", "keep-Alive, 
Close"))
+  {
+    fprintf (stderr,
+             "Cannot add \"Connection\" header with \"keep-Alive, Close\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"), "close"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_NO != MHD_add_response_header (r, "Connection", "keep-Alive"))
+  {
+    fprintf (stderr,
+             "Successfully added \"Connection\" header with 
\"keep-Alive\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_add_response_header (r, "Connection", "keep-Alive, 
Close"))
+  {
+    fprintf (stderr,
+             "Cannot add \"Connection\" header with \"keep-Alive, Close\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"), "close"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_add_response_header (r, "Connection",
+                                          "close, additional-token"))
+  {
+    fprintf (stderr, "Cannot add \"Connection\" header with "
+             "\"close, additional-token\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"),
+                    "close, additional-token"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_NO != MHD_add_response_header (r, "Connection", "keep-Alive"))
+  {
+    fprintf (stderr,
+             "Successfully added \"Connection\" header with 
\"keep-Alive\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"),
+                    "close, additional-token"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_del_response_header (r, "Connection",
+                                          "additional-token,close"))
+  {
+    fprintf (stderr, "Cannot remove tokens from \"Connection\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"), NULL))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+
+  if (MHD_YES != MHD_add_response_header (r, "Connection",
+                                          "Keep-aLive, token-1"))
+  {
+    fprintf (stderr,
+             "Cannot add \"Connection\" header with \"Keep-aLive, 
token-1\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"), "token-1"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_add_response_header (r, "Connection",
+                                          "Keep-aLive, token-2"))
+  {
+    fprintf (stderr,
+             "Cannot add \"Connection\" header with \"Keep-aLive, 
token-2\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"),
+                    "token-1, token-2"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_add_response_header (r, "Connection",
+                                          "Keep-aLive, token-3, close"))
+  {
+    fprintf (stderr,
+             "Cannot add \"Connection\" header with \"Keep-aLive, token-3, 
close\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"),
+                    "close, token-1, token-2, token-3"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_del_response_header (r, "Connection",
+                                          "close"))
+  {
+    fprintf (stderr, "Cannot remove \"close\" tokens from \"Connection\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"),
+                    "token-1, token-2, token-3"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_add_response_header (r, "Connection", "Keep-aLive, 
close"))
+  {
+    fprintf (stderr,
+             "Cannot add \"Connection\" header with \"Keep-aLive, token-3, 
close\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"),
+                    "close, token-1, token-2, token-3"))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (MHD_YES != MHD_del_response_header (r, "Connection",
+                                          "close, token-1, Keep-Alive, 
token-2, token-3"))
+  {
+    fprintf (stderr, "Cannot remove \"close\" tokens from \"Connection\".\n");
+    MHD_destroy_response (r);
+    return 4;
+  }
+  if (! expect_str (MHD_get_response_header (r, "Connection"), NULL))
+  {
+    MHD_destroy_response (r);
+    return 4;
+  }
+
   MHD_destroy_response (r);
   printf ("All tests has been successfully passed.\n");
   return 0;

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[libmicrohttpd] branch master updated (8df85c22 -> db2ab3a5), gnunet, 2021/08/01
- [libmicrohttpd] 03/03: response: do not allow "Connection: keep-alive" header, gnunet <=
- [libmicrohttpd] 02/03: Added MHD_uint64_to_str() internal function, gnunet, 2021/08/01
- [libmicrohttpd] 01/03: connection cleanup: streamlined cleanup process, gnunet, 2021/08/01

Prev by Date: [libmicrohttpd] branch master updated (8df85c22 -> db2ab3a5)
Next by Date: [libmicrohttpd] 02/03: Added MHD_uint64_to_str() internal function
Previous by thread: [libmicrohttpd] branch master updated (8df85c22 -> db2ab3a5)
Next by thread: [libmicrohttpd] 02/03: Added MHD_uint64_to_str() internal function
Index(es):
- Date
- Thread